lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20180809140834.59264-1-Yazen.Ghannam@amd.com>
Date:   Thu,  9 Aug 2018 09:08:33 -0500
From:   Yazen Ghannam <Yazen.Ghannam@....com>
To:     linux-edac@...r.kernel.org
Cc:     Yazen Ghannam <Yazen.Ghannam@....com>,
        linux-kernel@...r.kernel.org, bp@...e.de, tony.luck@...el.com,
        x86@...nel.org
Subject: [PATCH 1/2] x86/MCE/AMD: Check for NULL banks in THR interrupt handler

From: Yazen Ghannam <yazen.ghannam@....com>

If threshold_init_device() fails then per_cpu(threshold_banks) will be
deallocated. The thresholding interrupt handler will still be active, so
it's possible to get a NULL pointer dereference if a THR interrupt
happens and any of the structures are NULL.

Exit the handler if per_cpu(threshold_banks) is NULL and skip NULL
banks. MCA error information will still be in the registers. The
information will be logged during polling or in another MCA exception or
interrupt handler.

Fixes: 17ef4af0ec0f ("x86/mce/AMD: Use saved threshold block info in interrupt handler")
Cc: <stable@...r.kernel.org> # 4.13.x
Signed-off-by: Yazen Ghannam <yazen.ghannam@....com>
---
 arch/x86/kernel/cpu/mcheck/mce_amd.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c
index dd33c357548f..2dbf34250bbf 100644
--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c
+++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c
@@ -934,13 +934,21 @@ static void log_and_reset_block(struct threshold_block *block)
 static void amd_threshold_interrupt(void)
 {
 	struct threshold_block *first_block = NULL, *block = NULL, *tmp = NULL;
+	struct threshold_bank *th_bank = NULL;
 	unsigned int bank, cpu = smp_processor_id();
 
+	if (!per_cpu(threshold_banks, cpu))
+		return;
+
 	for (bank = 0; bank < mca_cfg.banks; ++bank) {
 		if (!(per_cpu(bank_map, cpu) & (1 << bank)))
 			continue;
 
-		first_block = per_cpu(threshold_banks, cpu)[bank]->blocks;
+		th_bank = per_cpu(threshold_banks, cpu)[bank];
+		if (!th_bank)
+			continue;
+
+		first_block = th_bank->blocks;
 		if (!first_block)
 			continue;
 
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ